One way to use secure communications on an iPhone
Sep 12, '08 07:30:00AM • Contributed by: jehrler

Although the AIM iPhone application works great, the chats are not encrypted. Although iPhone email is great, there is no way to receive or send SMIME email. So, if you are an iPhone user who wants to send a secure message or have a secure conversation with another iPhone user or a computer user what can you do? Without spending a fortune? In fact, doing it for free?

What we did is create a "sharing" IMAP Gmail account with https set as a requirement in the Gmail settings. Then all persons who will need to have the ability to send/receive secure communication get login credentials for this shared Gmail account. (Granted, anyone who has access to this account can read any messages, but we obviously could create other shared email accounts as needed to deal with smaller groups.)

With that set up, when someone needs to send a secure message, they send (via email or AIM) notification to the other parties that they are posting a secure communication. Then, using the wonders of IMAP Gmail, they create a message on the shared Gmail account via an encrypted SSL connection (with no To: addressee ... just to be sure it doesn't accidentally get sent!), and save the message as a Draft. (On the iPhone, to save a draft, you compose a message and then choose Cancel -- it will then ask if you want to save it as a draft.)

Once the Draft is saved, the users who need the message and have the login credentials can access the Gmail account via an SSL encrypted connection from any computer or iPhone. Once they have the info, they then delete the Draft message.

beware that you might be making yourself a terror suspect with this - if I recall right one of the groups they took up this year (last?) was using mails deposited in mailboxes as their means of communication.

One way to use secure communications on an iPhone
Authored by: hamarkus on Sep 12, '08 03:14:58PM

So let me get this straight, you trust the SSL connection to Google's servers and you trust that Google won't read your draft e-mails (which by the way they do to be able to show you the right ads) but you don't trust that an e-mail is sent from one gmail account to another because this might run over non-Google hardware and might not be encrypted?

I'm sorry to be the one to point this out (along with hamarkus), but there is absolutely NO security in this hint. Your connection from your iPhone to gmail's server is secure via https. That's it. Once it is on Google's mail server, though you still own the intellectual property within your email, Google do have access to it.

Plus, according to Google's terms of service, gmail is for personal use only.

This is a non-hint, and does not provide secure communications, as advertised.

If security is important it must be at a cost. If security is important to you, setup your own server and use secure IMAP and SMTP.

The iPhone is not "secure"
Authored by: jweill on Sep 12, '08 06:46:02PM

As long as the iPhone takes screenshots of "everything you do,"* lacks support for end-to-end-encryption, and has huge exploits that stay out in the wild for weeks at a time, there won't be anything "secure" about it. There's also the implications of entrusting Google, AOL, and AT&T with your private data.

One way to use secure communications on an iPhone
Authored by: jehrler on Sep 12, '08 07:58:28PM

First of all, yes Google has access to the data. I am not worried about Google or the NSA but script kiddies and business espionage.

Try not to let perfection be the enemy of the better.

Second, we are Google Apps users and it is designed and marketed for business (heck, they host our business email accounts). This is NOT a violation of the terms of service. For personal use, the hint still works if you need to quickly send some information to a traveling spouse/child with no violation of service terms.

Third, of course a dedicated secure mode paid mode can be more secure but for family use/small business without NSA/Google worries this works and is cost effective.

One way to use secure communications on an iPhone
Authored by: jehrler on Sep 12, '08 08:12:01PM

Y'know, it is sad that there is a whole lot of dumping on this hint.

It is *not* perfection but it is better than any other solution I can find for iPhone communication to another iPhone or computer.

Rather than harping on its short comings, if you *have* a better idea, why not share it!

Trust me, I would *love* to be able to just use smime like we do with Mail or Adium encryption. But, since both of those are MIA I went looking for an alternative. And, all the commenters do is crap on it but offer no real constructive alternatives.

Wow. I also heard that Al Queda uses cell phones. So, if you own an iPhone you are just like a terrorist. They also use computers so if you are interested in this hint because you have an iPhone and posting from your computer you are doubly like a terrorist. Better tell the NSA.